package api

import (
	"github.com/gin-gonic/gin"
	"github.com/pquerna/otp/totp"
	"net/http"
)

func OtpVerify(c *gin.Context) {
	var otpData struct {
		Username string
		OTPValue string
	}
	if err := c.ShouldBindJSON(&otpData); err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
		return
	}

	user, ok := users[otpData.Username]
	if !ok {
		c.JSON(http.StatusUnauthorized, gin.H{"error": "User not found"})
		return
	}

	valid := totp.Validate(otpData.OTPValue, user.OTPKey)
	if valid {
		c.JSON(http.StatusOK, gin.H{"message": "OTP verification successful"})
	} else {
		c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid OTP"})
	}
}
